Day 1: Introduction, risk management program according to ISO/IEC 27005
- Concepts and definitions related to risk management
- Risk management standards, frameworks and methodologies
- Implementation of an information security risk management program
- Understanding an organization and its context

Day 2: Risk identification and assessment, risk evaluation, treatment, acceptance, communication and surveillance according to ISO/IEC 27005
- Risk identification
- Risk analysis and risk evaluation
- Risk assessment with a quantitative method
- Risk treatment
- Risk acceptance and residual risk management
- Information Security Risk Communication and Consultation
- Risk monitoring and review

Day 3: Overview of other information security risk assessment methods and Certification Exam
- Presentation of OCTAVE method
- Presentation of MEHARI method
- Presentation of EBIOS method
- Presentation of Harmonized TRA method
- Certification Exam